Actions
Bug #13913
closed
Logs full of WARN Attribute 'apiAuthorizationKind' or 'expirationTimestamp' is defined for API account but it will be ignored
Pull Request:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Very Small
Priority:
82
Name check:
Fix check:
Regression:
Description
I'm not sure if the problem lies in Rudder or in one of user-management/api-authorization plugins, but we get into a situation where any action in Rudder leads to new logs:
WARN com.normation.rudder.repository.ldap.LDAPEntityMapper - Attribute 'apiAuthorizationKind' or 'expirationTimestamp' is defined for API account 'admin' [admin], it will be ignored because the account is of type 'user'.
LDAP entry looks like:
dn: apiAccountId=admin,ou=API Accounts,ou=Rudder,cn=rudder-configuration apiAccountId: admin objectClass: apiAccount objectClass: top cn: admin creationTimestamp: 20181023124204.477Z apiToken: xxxxxxxxxx apiTokenCreationTimestamp: 20181023124204.477Z description: API token for user 'admin' isEnabled: TRUE apiAccountKind: user structuralObjectClass: apiAccount entryUUID: ca12ae10-6b0c-1038-8970-7396c7013d6a creatorsName: cn=manager,cn=rudder-configuration createTimestamp: 20181023124204Z apiAuthorizationKind: rw entryCSN: 20181024141834.113179Z#000000#000#000000 modifiersName: cn=manager,cn=rudder-configuration modifyTimestamp: 20181024141834Z entryDN: apiAccountId=admin,ou=API Accounts,ou=Rudder,cn=rudder-configuration subschemaSubentry: cn=Subschema hasSubordinates: FALSE
So the problem is "apiAuthorizationKind". It may already be there in Rudder 4.3.
The severity is low, and in fact there's little reason for the log level to be "warn". It should be "debug".
Updated by François ARMAND almost 6 years ago
- Translation missing: en.field_tag_list set to Sponsored
- Severity set to Minor - inconvenience | misleading | easy workaround
- User visibility set to Operational - other Techniques | Rudder settings | Plugins
- Priority changed from 0 to 65
Updated by François ARMAND almost 6 years ago
- Effort required set to Very Small
- Priority changed from 65 to 94
It should be really small, most likelly the warning for "apiAuthorizationKind" should not be there.
Updated by François ARMAND almost 6 years ago
It may be related to #12958 but most likely not.
Updated by Vincent MEMBRÉ almost 6 years ago
- Target version changed from 4.3.8 to 4.3.9
- Priority changed from 94 to 93
Updated by François ARMAND almost 6 years ago
OK, the problem seems to be that "apiAuthorizationKind" is added when it should not bootstrap check "CheckApiTokenAutorizationKind".
Updated by François ARMAND almost 6 years ago
- Status changed from New to In progress
Updated by François ARMAND almost 6 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder/pull/2111
Updated by François ARMAND almost 6 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|d5a7dca1c8a15540657c7d35f9c5f9c7ac1c2862.
Updated by Alexis Mousset almost 6 years ago
- Status changed from Pending release to Released
- Priority changed from 93 to 92
Updated by François ARMAND over 4 years ago
- Related to Bug #18052: Error displayed when switching from full access to read only added
Actions